CVE-2025-21758: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21758 is a vulnerability discovered in the Linux kernel's IPv6 multicast implementation, specifically in the mldnewpack() function. The vulnerability was disclosed on February 26, 2025, affecting the IPv6 multicast functionality in the Linux kernel. The issue stems from the mldnewpack() function being called without proper RCU (Read-Copy-Update) protection or RTNL (Routing Netlink) locks being held (NVD).

The vulnerability exists in the mldnewpack() function within the Linux kernel's IPv6 multicast implementation. The core issue is that the function can be called without proper synchronization mechanisms (RTNL or RCU locks). The technical fix involves replacing sockallocsendskb() with allocskb() and implementing proper RCU protection when accessing the net->ipv6.igmpsk socket. This change was necessary because ipv6.igmpsk uses GFPKERNEL allocations which can sleep (Kernel Commit).

The vulnerability affects the IPv6 multicast functionality in the Linux kernel. When exploited, it could potentially lead to race conditions and memory corruption due to improper synchronization when accessing shared network resources. This impacts various Linux distributions and systems using affected kernel versions (Ubuntu Security).

The vulnerability has been patched in the Linux kernel through a commit that adds proper RCU protection to the mldnewpack() function. The fix involves using allocskb() instead of sockallocsend_skb() and implementing proper RCU protection when accessing the network namespace's IPv6 IGMP socket. System administrators are advised to update their kernel to a version containing this fix (Kernel Commit).